www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 3 Issue 4 April, 2014 Page No. 5499-5506
Cloud Storage, Issues and Solution Jitendra Singh, Ashish Jha* PGDAV College, University of Delhi-10065 Email:jitendra.singh0705@gmail.com CVS College, University of Delhi-110017 Email: [email protected]
Abstract— Cloud storage is one of the many services offered by the cloud computing. Cloud storage is much sought due to anytime, anywhere access using wide varieties of devices, for instance, laptop, desktop and smart phones. Due to these capabilities, a number of individuals as well as organizations are subscribing for this service from the various vendors existing in this area. These cloud providers differ from their services in a great deal. This work compares the offering of different storage provider considering the storage space, synchronization capabilities, pricing, compliances etc. Finally, we discussed the major issues that exist in cloud and methods to address them without compromising the cloud performance.
Keywords— Cloud storage, Cloud issues, Cloud performance, storage security.
1 INTRODUCTION platform offered to develop an application is known as Platform as a Service (PaaS) [8]. Cloud computing has emerged as utility based model [1]. In cloud computing, the powerful computing capabilities have been shifted from user end to the cloud provider‘s end. Users can access IT resources from anywhere and at any time, using Cloud services are capable of offering traditional IT multiple devices, such as Smart phones, tablets, lap services with significant cost advantages [9-10]. In tops, etc. [2]. Users can access the cloud resources IaaS model, responsibility of procuring and with the help of browser or installing small maintaining the resources lies on the cloud provider; application at the client end [3]. users end has limited resources capabilities so that it can get connected to the cloud resources. However, Cloud computing offers a wide variety of services, services offered in IaaS are charged as per the which can be broadly categorized into Infrastructure resources subscribed (powerful processor, more as a Service, Platform as a Service and Software as memory, etc.) and their usages. IaaS have a Service. When users are utilizing the powerful significant importance, since hardware gets outdated computing resources such as processor, memory, in every three years as per the Murphy‘s Law. storage, etc. then it is known as Infrastructure as a Therefore, IaaS is profoundly appealing to Small Service (IaaS) [5-7]. When applications are offered and Medium Enterprises (SMEs), due to the fact through the internet at that time, it is known as that infrastructure is to be updated by the cloud Software as a Service (SaaS) [3-5]. Whereas, provider; therefore it frees SMEs from potential
Jitendra Singh, IJECS Volume 3 Issue 4 April, 2014 Page No.5499-5506 Page 5499 updating of hardware while users enjoy the To understand the internal cloud architecture [15] ubiquitous and wide network access. have conducted a study to understand the cloud performance based on architecture and compared Beyond traditional desktop, handheld devices such the 05 major cloud offers, to assess their as tablets as well as Smart phones can also be used performance based on benchmark. [16] Have for accessing the resources and processing of the data. However, these devices suffer from limited measured the performance of drop box- a personal storage capabilities. To address this issue, cloud cloud storage-from various places to identify the providers are also offering cloud storage services architectural and storage protocol dependency of that are appearing to offer unlimited storage cloud. capabilities. Amazon, Google, Microsoft, etc. are some of the major cloud providers offering storage [17- 20, 29] have discussed about the cloud security as a service with different nomenclature. Recently, a due to remote storage of the data and advocated for new trend of storage has emerged in which cloud the public auditability of cloud storage. can be used for storing and backup of the data, similar to that of flash drive and external hard disk, known as storage drive. Drop Box, Google drive, 3 POPULAR CLOUD STORAGE Microsoft‘s sky drive, etc. are some of the prominent examples of such services. Cloud drive is Considering the huge growth potential in cloud also much sought due to its impression of infinite storage, a number of cloud providers are offering resources for the clients, to host data backup. It data storage and backup services. To attract the substantially reduces the storage expenditure of enterprises and individual users, cloud providers are government and enterprises which need to store also offering some of the storage free of cost. Some petabytes of data [11]. cloud providers are entirely dedicated for mobile devices, for instance iCloud. Therefore, it is Cloud storage opening the doors for variety of imperative to understand the salient features of the threats such security, availability of resources and prominent cloud drive existing. In order to facilitate latency is the prominent issues that need to be the users, it also compares the cloud storage offered. addressed in cloud storage. Same has been discussed in section V. A. Google Drive Google drive is the Google version of storage drive and one of the most popular services of this 2 RELATED WORK segment. Its integrity with the Gmail provides To address the security and performance many of further popularity and usage. It has the following main features: the useful work is already available in various prominent journal of this area. Some of these Supports Photos, Videos, documents and prominent work related to the above subject has other files. been discussed as follows: Initially offers 15GB free. More than 30 file type can be viewed To continue using security without compromising without installing the software on user‘s security of the data in cloud. [12] Suggested the computer. method that return only those file that may be Facilitates the sharing of Google document. related to the user only not all the files. This methods was immensely helped to improve the performance without compromising security. [13] B. Drop box Have designed their own cloud to improve the Dropbox is the leader in cloud drive and having performance of cloud storage application related to major share in this segment. Dropbox itself uses the data mining. In other work to address the public cloud model of Amazon. Some of the salient security issue [14] have proposed a method capable features of Dropbox are as follows: of securing the cloud and also supports dynamic users and data provenance. Divides it offering into 03 categories i.e. free, Pro-account and business account.
Jitendra Singh, IJECS Volume 3 Issue 4 April, 2014 Page No.5499-5506 Page 5500 Initially offers 2 GB free that can be extended IT Giant Microsoft offers it storage drive with the upto 18 GB by utilizing various services, for name, Skydrive. It offers the following instance, referral programs. functionalities: Supports windows, Mac, Linux, iPad, iPhone, Allows access of file from wide range of Android & Blackberry. devices, such as PC, Mac, phone and tablets. Keeps one month history of user‘s work. Skydrive offers an application named Therefore, any changes can be undone and file ‗Skydrive desktop app‘ that can be installed can be undeleted. on desktop. By using this application, users Provides admin console to view member can be benefitted of automating the update activities, various linked devices and apps used process between desktop files and Skydrive. to access the resources. Any folder added to this app will be Dropbox provides the security during automatically updated to Skydrive locations. transmission and storage of the data. During Allows sharing of file by means of e-mail, transmission it uses SSL, while for storage face book, with a link but the maximum size AES-256 is used. permitted for this process is 2 GB.
Reliability is the major concern of the cloud user. 4 CLOUD COMPARISON Dropbox claims to offer 99.999999999 % durability and 99.99% availability of objects over a given year Prominent cloud storage differs with one other to a through Amazon public cloud. great extent. These differences can be attributed to various factors, including free space, file type Certification and compliances: Dropbox storage support, sharing support, etc. Comparative features provides the following compliances and of these services have been illustrated in the certification, SSAE16/SOC1 SOC2, ISAE 3402 and following table. ISO 22001 certified on Amazon S3. Dropbox complies with US-EU and US Swiss safe harbor
frameworks regarding personal data [ref]. Table 1: Comparing the Cloud drive
C. iCloud
Drive Dropbox iCloud OneDrive iCloud is cloud storage and computing services Google launched in Oct 2011 [ref]. In March 2013, Apple implemented 2-way authentication to enhance the Free Space 15GB 2GB 05 07 user's security. However, a huge security hole is [23] [24] GB GB detected that any hacker can reset the user‘s [25] [26] password by knowing his email-id and date of birth. Sync Yes Yes Not Yes The two ways authentication also faced the criticism Support avail due to delay took place at the provider‘s end in able switching over. Users who have given consent to switch over; provider took 02 days in making the Sharing Yes Yes Yes Yes new service available [21]. support iCloud can be accessed using iPhone, iPad, or iPod Office Yes No No Yes with iOS 5or later. It supports AES 128 or more key package for security during transmission, storage in server. support Recently, iCloud has released interesting number Types of Free Free Free Free related to iCloud usage. As per the Apple, 300 account million accounts, 800 billion messages and 7.4 offered trillion push notification are served by iCloud since Encryption NA AES-256 128, NA its inception [22]. 256 Support AES D. SkyDrive
Jitendra Singh, IJECS Volume 3 Issue 4 April, 2014 Page No.5499-5506 Page 5501 followed by corporate sector. Results also revealed Reliability 99.9999 that there is more threat on corporate data, the key 999999 reason for this is to take the competitive edge on the Compliance FISMA, SSAE NA ISO2 competitors. ISO- 16 SOC 7001, 27001, audits, FISM SSAE SOC 2 A, 16, type HIPA HIPAA 2[27] A BAA
2-way Yes Yes Sup Yes authenticati porte on d[i1]
OS Support Window, Window, iOS, Wind Mac, Mac, Mac, ow, Android, Android, Wind Mac, iOS, iOS, ows Andro Linux, 7 or id, Kindly 8, iOS, fire, BlackBer Figure 1: Security breach 2011(Q4) and 2012(Q1) ry 5.1.1 Transmission security
5 ISSUES IN CLOUD STORAGE A. In cloud ERP, data is required to be Cloud storage is widely used by the various transmitted from user end to the cloud provider‘s enterprises and the individual users. It is appreciated end. Users are accessing the cloud resources using due to its wide, anytime and anywhere accessibility. computer or more frequently using portable devices However, a number of issues are prevailing in cloud due to mobility. Transmission requires security so storage and need immediate attention. Major issues that no one in between can inferred the transmitted that are applicable for the cloud storage are: data. To secure the transmitted data, encryption can be used, but existing encryption techniques that includes RSA, Data encryption standard (DES) and Security Issue triple DES, degrade the performance. Performance B. Cloud solution: In cloud computing resources can be accessed by browser that supports SSL for 5.1 Security Issue security that encapsulates application specific protocols HTTP or HTTPS. Data encrypted by SSL In recent years, information & data security breach is difficult to infer, at the same time having has become the vibrant subject. In 2012, [28] negligible overhead on performance. SSL is highly released a report related to information security and suitable for financial institutions such as Banking, data breach. Report has identified 60 sectors where healthcare, and share trading etc. the data breach has occurred. It also compared the information and data breach for the various sectors, including, corporate, education, healthcare, etc. that took place in 2011 and 2012; same is illustrated in 5.1.2 Storage Security figure 1[28]. From the result of figure 1, it is In traditional system user can access the resources revealed that health care is the most sensitive by supplying the credential. This mechanism industry for data security and highest number of ensures that only legitimate users get the data breach has occurred in this industry. It is accessibility of the resources. Security is
Jitendra Singh, IJECS Volume 3 Issue 4 April, 2014 Page No.5499-5506 Page 5502 compromised due to the personnel having physical the cloud storage to be followed and measures that accessibility and they misuse that privilege. To need to be put in place to ensure the cloud storage overcome this limitation, application ensures that security. data at storage is encrypted and anyone accessing the stored data gets the encrypted copy only. This data can only be de-encrypted by the application 1. In Google drive, cloud lock can be used, this logic of user‘s application. improves the security of personal information and ensures PCI compliance. It assists the users in Cloud solution locating the file and documents containing sensitive In case of cloud, it is the responsibility of the cloud personal and financial information. provider to ensure that data is secured. Therefore, 5.1.4 Compliances provider has to place the measures so that there is no direct snooping of client‘s data. Due to multi-locations of cloud data center, even though cloud providers say they provide the 5.1.3 Physical security identical control in all data center, yet the user is A. Critical and sensitive data is stored in concerned whether it exist in paper or in reality, enterprise premises, and location of physical storage therefore warrant on site audits. is known. To secure the data physically requires heavy guarding, which leads to huge expenditure. Even with the high expenditure incurred security is compromised due to security personnel employed may be tempted to get the data. In case of cloud, location of data is not known, size of data center is 18 extremely large therefore locating the data of a 16 read particular company from thousands of storage devices is challenging. 14 write 12 T S i 10 e m 8 c e 6 o 4 n 2 i d n 0 Amazon AT&T Azure Nirvanix Peer1 RackSpace
Figure 3: Average read and write time
Commercial environment need to comply with Center for internet security (CIS) or by and industry Figure 2: Share of Personal Cloud Storage group such as the payment card industry (PCI) security standards council (SCC).
Use of VMware‘s Vcenter configuration B. Solution management (VCM) support shows sync/ deviation from the compliance such as SOX, PCI, DSS, Improving security in cloud storage is critical issue HIPAA & FISMA An emerging standard called the and provider need to follow the certain measures to NIST security control automation protocol( SCAP) ensure that data stored in the cloud is safe and also supported by VCM. secure. At the same time cloud users also need to ensure that the cloud storage which they have subscribed is secure and fulfilling the major security standards prescribed by the various agencies. The upcoming section describes the major standards in
Jitendra Singh, IJECS Volume 3 Issue 4 April, 2014 Page No.5499-5506 Page 5503 5.2 Performance Issue subscribed cloud. Data that is stored in the cloud provider‘s end must be secured. At the same time it Performance in the cloud is a critical issue and is only inevitable that cloud should services must be considered as detrimental factor for proliferation of available for the maximum of the time. However, cloud. Users subscribing for the cloud presumes that is not the case. Almost, all the cloud unexpected computational power and expects the considered, almost all the cloud are having performance at-least similar or more than the downtime. In the measured case, Azure, Rackspace desktop. Therefore, clouds which will not be were the two cloud providers who have performing as per the expectation of the cloud user substantially suffered from the cloud outage. will vanish from the scene. However, Azure and Rackspace cloud provider To evaluate the cloud based on performance, a were the victorious for the availability. They have study is conducted by Nasuni [12]. As per this study outperformed the other types of cloud provider of a number of cloud provider have considered for the this segment. study to determine which cloud is performing the best. As per the study, many cloud could not pass the minimum benchmark set for the performance 120 [Rel1]. However, the cloud provider like Amazon, AT&T, Azure, Nirvanix, etc. were the 100 outperformers among the considered cloud. [12] 80 have studied the performance for substantially long Availability time from 2009 to 2011. Performance was measured 60 Average outage on the basis of read and write speed of the cloud considered. The other factor was availability and 40 reliability offered by the cloud provider. Same has 20 been discussed in the upcoming sub-section. 0 Amazon AT&T Azure Nirvanix Peer1 RackSpace 5.2.1 Read and Write speed To determine the speed of cloud provider read and write speed was measured of various cloud Figure 4: Average Availability and cloud outage considered. If the cloud provider is having better speed of reading and writing then it denotes the less time taken to perform certain task. Read speed was 6 CONCLUSION extremely good of Nirvanix and closed followed by Azure, same is illustrated in the figure 3. Cloud storage has the huge potential to emerge as the substitute for legacy storage. It equally appeals Correspondingly, the write time taken by the other to individuals as well as SME. A number of cloud provider was also evaluated, it is revealed that predictions are in the favour of cloud storage and Nirvanix, Azure, Rackspace is having the better cloud drive. However, before subscribing to the speed than other cloud providers, refer figure 3. In cloud storage great care is to be observed related to both the occasion peer1 was having the minimum security and performance to avoid any loss later on. speed for reading and writing. Therefore, it will be It will be equally important that cloud provider appealing to the segment of user who prefer the should not only keep the cost to the affordability of cloud speed that should be excellent among it the cloud users instead also take care of security and segment. performance issue so that those who have adopted the cloud are more satisfied. This will facilitate the exponential growth of cloud computing.
5.2.2 Reliability and availability 7 REFERENCES Reliability is a major issue in cloud computing due [1] R. Buyya, C.S. Yeo, S. Venugopal, J. Broberg, I. to the resource controlling by the cloud provider. Brandic, Cloud computing and emerging it Therefore, users expect high level of services for the platforms: vision, hype, and reality for
Jitendra Singh, IJECS Volume 3 Issue 4 April, 2014 Page No.5499-5506 Page 5504 delivering computing as the 5th utility, Future [10] G. Pallis, ―Cloud computing: The new frontier Generation Computer Systems 25 (6) (2009) of internet computing‖, IEEE IT 599–616. Professional,Vol. 12, No. 5, 2010, pp. 36–41. . [10] J. Spillner, J. Muller, A. Schill, Creating [2] U. Maheshwari, R. Vingralek, W. Shapiro, How optimal cloud storage systems, Future to build a trusted database system on untrusted Generation Computer Systems, in press, storage, in: Proceedings: Symposium on published online on 16 June 2012 Operating System Design and Implementation, (http://dx.doi.org/10.1016/j.future.2012. OSDI 2000, USENIX, San Diego, California, 06.004). USA, 2000, pp. 135–150. [11] M. Armbrust, A. Fox, R. Griffith, A.D. [3]A. Chien, B. Calder,S. Elhert, & K. Bhatia, Joseph, R. Katz, A. Konwinski, G. Lee, D. "Entropia: architecture and performance of an Patterson, A. Rabkin, I. Stoica, and M. enterprise desktop grid system, Journal of Zaharia, ―A View of Cloud Computing.‖ Parallel and Distributed Computing", Vol. 63, Comm. ACM, vol. 53, no. 4, pp. 50-58, Apr. No.5, 2003, pp.597–610. 2010. [4] N. Fernando, S.W. Loke, W. Rahayu, Mobile cloud computing: a survey, Future Generation [12]Nasuni,"The State of Cloud Storage: A Computer Systems 29 (1) (2013) 84–106. Benchmark Comparison of Performance, [5] R. Aoun, C.E. Abosi, E.A. Doumith, R. Stability and Scalability",white paper, Nejabati, M. Gagnaire, D. Simeonidou, available at www.nasuni.com Towards an optimized abstracted topology design in cloud environment, Future Generation [13] Robert L. Grossman, Yunhong Gu, Michael Computer Systems 29 (1) (2013) 46–60. Sabala, Wanzhi Zhang, "Compute and storage clouds using wide area high performance [6] M. Armbrust, A. Fox, R. Griffith, A.D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, networks", Future Generation Computer A. Rabkin, I. Stoica, M. Zaharia, A view of Systems, Vol.25, 2009, pp. 179–183. cloud computing, Communications of the ACM [14] Sherman S.M. Chow, Cheng-Kang Chu, Xinyi 53 (4) (2010) 50–58. Huang,Jianying Zhou, and Robert H. Deng, [7] S. Abrishami, M. Naghibzadeh, D.H. Epema, "Dynamic Secure Cloud Storage with Deadline-constrained work flow scheduling Provenance", D. Naccache (Ed.): Quisquater algorithms for infrastructure as a service Festschrift, LNCS Springer-Verlag, Berlin clouds, Future Generation Computer Systems Heidelberg, 6805, pp. 442–464, 2011. 29 (1) (2013) 158–169. [15] Drago, Idilio, Enrico Bocchi, Marco Mellia, [8]P. Mell, & T. Grance, "The NIST definition of Herman Slatman, and Aiko Pras. cloud computing", special Publication 800-145, "Benchmarking personal cloud storage." In 2011, National Institute of Standards and Proceedings of the 2013 ACM conference on Technology, available at http://csrc.nist.gov/ Internet measurement conference, pp. 205- publications/ PubsSPs.html#800-145. 212., 2013. [9] G. Lin, D. Fu,J. Zhu, J., & G. Dasmalchi, G.,
―Cloud computing: IT as a service‖, IT Professional (IEEE), Vol. 11, No. 2, 2009, pp. [16] Drago, I., Mellia, M., Munafò, M.M., Sperotto, 10–13. A., Sadre, R. and Pras, A. 2012. Inside Dropbox: Understanding Personal Cloud Storage Services. In Proceedings of the 12th ACM SIGCOMM Conference on Internet
Jitendra Singh, IJECS Volume 3 Issue 4 April, 2014 Page No.5499-5506 Page 5505 Measurement. IMC ‘12. Pages 481-494. DOI=http://dx.doi.org/ 10.1145/2398776.2398827 [17] G. Ateniese, R. D. Pietro, L. V. Mancini, and G. Tsudik, ―Scalable and efficient provable data possession,‖ in Proc. of SecureComm‘08. New York, NY, USA: ACM, 2008, pp. 1–10. [18] C. Wang, Q. Wang, K. Ren, and W. Lou, ―Ensuring data storage security in cloud computing,‖ in Proc. of IWQoS‘09, Charleston,South Carolina, USA, 2009. [19] C. Erway, A. Kupcu, C. Papamanthou, and R. Tamassia, ―Dynamic provable data possession,‖ in Proc. of CCS‘09. Chicago, IL, USA:ACM, 2009. [20] K. D. Bowers, A. Juels, and A. Oprea, ―Hail: A high-availability and integrity layer for cloud storage,‖ in Proc. of CCS‘09. Chicago,IL, USA: ACM, 2009, pp. 187–198. [21] L. Bouganim, P. Pucheral, Chip-secured data access: confidential data on untrusted servers, in: Proceedings: International Conference on Very Large Data Bases, VLDB 2002, Morgan Kaufmann, Hong Kong, China, 2002,pp. 131– 142 [23] https://support.google.com/drive/answer/ 6558?hl=en [24] https://www.dropbox.com help 3 [25] support.apple.com kb ht48 4 [26] https://skydrive.live.com ManageStorage [27] https://www.dropbox.com/business/features [28] http://support.apple.com/kb/ht5570 [29] Qin Liua, Guojun Wanga, Jie Wub, "Secure and privacy preserving keyword searching for cloud storage services" Volume 35, Issue 3, May 2012, Pages 927–933.
Jitendra Singh, IJECS Volume 3 Issue 4 April, 2014 Page No.5499-5506 Page 5506